It's impossible to add the login in a proper way on the bank website Chebanca
Hello,
I often login to my bank account on this address
the field requested are login, date of birth and a pw. 1password seems to be unable to save such credentials.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:chebanca
Comments
-
Hi, @Ands. Thanks for your post. I tried creating a Login that works on this site and I have good news and bad news. The bad news is that I replicated the bad behavior you saw. The good news is that there are two items of good news.
First, if you add a custom field to 1Password for the Data di nascita field, it should fill easily. Here's what that looks like on my machine:
You might also notice that the Codice di accesso is not the password for this item and in fact is not marked as a password field. In fact, it took me a moment to figure out how they were achieving a concealed field because they weren't using another trick I have seen in the past. Here's what the code says:
Basically, this is a regular text field just like the other fields, but they are using a special font displays the text as •. Like I said in another thread, we haven't really documented this yet, and this is the kind of scenario that makes it challenging to do so.
So, I learned something new today! :chuffed: I'm not sure if this is deliberate to thwart password managers or if it is someone aiming to show how clever they are, but this technique seems wrong-headed to me and I'd love to know the thought process that went into it because it requires some deliberate effort to make a text field look like a password rather than just using a simple
<input type="password">.The other piece of good news is that 1Password X handles the page better. It's not perfect, but filling with 1Password X on this page actually works. The Codice cliente fills even though it appears to stay empty. If you click into the field, the value with 1Password's field highlighting shows up.
I hope this helps. We're always looking to make 1Password's filling better, but at the same time, some sites really make it a challenge! :dizzy:
--
Jamie Phelps
Code Wrangler @ 1Password
Olympia, WA0 -
In discussing this a bit more with some other filling developers, I learned more about this
font-family: text-security-discapproach that I highlighted on the right side of my screenshot. I don't know if this is the motivation of CheBanca, but it seems this technique is used by some to sidestep security warnings from your web browser that would only show up when there are actual password fields on the page. Troy Hunt is a friend of 1Password and has an excellent case study that involves this issue. You can read more here if you're interested: https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/ Like I said, I can't say that this is CheBanca's motivation, but it would definitely give me pause.0 -
Hello @jxpx777 ,
First of all thank you very much for taking time into my issue and for providing some solution.I have replicated the same login info as the one you have showed me but I didn't have much luck. To recap, I left "codice cliente" ad the login / ID as it was, I added one date field for the date of birth and one text field for the PIN under it.
However, every time i use the PW manager all fields are filled with the "codice cliente". Maybe I have missed something.Changing topic, I did know about the existence of 1passsword X. I would take advantage and ask you what is the difference compare to my actual set up. I am using the last version of the windows 10 app together with the Chrome Extension. I am wondering which solution is better and if I should switch to 1password X.
0 -
My pleasure, Ands! If you had the codice cliente in the password field, this will never fill and you can simply remove it; if the field is not actually a password field, 1Password will not fill your password into it.
1Password X is a standalone extension. This has benefits and challenges, but there are some improvements to how 1Password interacts with web pages in 1Password X that are not in the extension that works with the native app only. The most important thing about 1Password X is that it only works with 1Password memberships since it has to authenticate with the server and maintain an encrypted copy of your data.
The filling improvements I mentioned are fairly recent and it looks like the Windows app does not have them yet. I'll see if I can nudge the Windows team to get an update out with the new version of the library included. The improvements are definitely in the latest 1Password X though!
Ciao!
--
Jamie Phelps
Code Wrangler @ 1Password
Olympia, WA0 -
@jxpx777 I managed to make the Codice Cliente and the PIN fill with 1password x by putting all the data as text beside the date. The date doesn't fill but whatever I still remember my birthday :pirate:
1password X is nice the only bothering thing is that it does not unlock the desktop up which is still useful for some things.
Grazie e a presto!
0 -
Yes, you're correct that the separate unlock states between 1Password X and the apps is a sore spot. We're working on some things in this area. :smile:
0
